City University of Hong Kong
Information on a Course offered by Department of Computer Science
with effect from Semester A in 2014 / 2015

Part I

Course Title: Topics on Computer Security
Course Code: CS4293
Course Duration: One Semester
Credit Units: 3
Level: B4
Medium of Instruction: English
Prerequisites: (Course Code and Title) (CS2310 Computer Programming or CS2311 Computer Programming or CS2331 Problem Solving and Programming or equivalent) and CS3103 Operating Systems or equivalent and CS3201 Computer Networks or equivalent
Precursors: (Course Code and Title) CS4286 Internet Security & E-Commerce Protocols
Equivalent Courses: (Course Code and Title) Nil
Exclusive Courses: (Course Code and Title) Nil

Part II

Course Aims
This course aims to develop in students a solid understanding of a range of topics in the area of computer and information security. Students will acquire an adequate understanding of threats to web applications and networks, and the skills to specify and evaluate appropriate security measures for computer systems and software applications.

Course Intended Learning Outcomes (CILOs)
(state what the student is expected to be able to do at the end of the course according to a given standard of performance)
Upon successful completion of this course, students should be able to:

No. | CILOs | Weighting
1. | identify and analyze common threats and vulnerabilities of software and web applications; |
2. | classify and analyze common threats and vulnerabilities of networks and systems; |
3. | suggest and evaluate major countermeasures to software and web application, network and system attacks; |
4. | identify and enquire into current issues in computer security. |

Teaching and Learning Activities (TLAs)
(Indicative of likely activities and tasks designed to facilitate students' achievement of the CILOs. Final details will be provided to students in their first week of attendance in this course)

Teaching pattern:
Suggested lecture/tutorial/laboratory mix: 2 hrs. lecture; 1 hr. tutorial.

Based on the course ILOs, the teaching/learning activities of the course may include:

CILO No. | TLAs | Hours/week

Lectures: The different types of attacks on software, web applications, networks and systems will be introduced. Principles, techniques and technologies used for defending against these attacks will be discussed. One of the selected issues in computer security will also be discussed.

Tutorials: Tutorials will be conducted in the laboratory in the form of discussion, demonstration and hands-on sessions. Students will work with selected security and attack tools. This gives students hands-on experience in using and configuring the tools and in analysing how the security and attack tools work. Through these exercises, students will learn how an adversary uses such tools to attack software and web applications. Students will be able to identify and analyse potential threats to computer systems in organizations and formulate solutions as to how organizations may defend themselves. This helps support Course ILO #1, #2, #3 and #4.

Case Study: Students will be provided with different attack scenarios and are required to identify the security threats and to evaluate and critically analyze the security systems. This activity helps support Course ILO #1, #2, #3 and #4.

Assessment Tasks/Activities
(Indicative of likely activities and tasks designed to assess how well the students achieve the CILOs. Final details will be provided to students in their first week of attendance in this course)
The course ILOs are assessed using the following approach:

CILO No. | Type of Assessment Tasks/Activities | Weighting | Remarks
CILO 1 | software and web application attacks. | | assess the student's understanding of how the various attacks work.
CILO 2 | network and system attacks. | | assess the ability of the students to explain how the various attacks work.
CILO 3 | technologies used for defending against software and web application attacks, network and system attacks. | | assess the students' understanding of the principles, techniques and technologies used for defending against various attacks.
Coursework | Students may be required to complete a report on a selected topic. In the information gathering and research process, students are required to identify and discuss the current issues in computer security. The quality and relevance of their research findings will be a measure for this ILO. | | assess students' ability to identify and discuss selected issues in computer security.

Grading of Student Achievement:
Examination duration: 2 hours
Percentage of coursework, examination, etc.: 30% CW; 70% Exam
Grading pattern: Standard (A+AA- F)
For a student to pass the course, at least 30% of the maximum mark for the examination must be obtained.

Part III

Keyword Syllabus
The syllabus will evolve over time as current topics change. The following is an example keyword syllabus:
Security policies and legal issues; hardware security, OS security, file system protection, access control; cryptographic tools; identity and credential management, security administration; hacking attacks and countermeasures, probing tools, malicious code, viruses, security administration; evaluating system security, TCSEC, CC, secure computing platforms; programming for security, security development process; database security; incident and intrusion handling; mobile security.

Syllabus
Selected topics from the following:
1. Software security
   Software attacks and countermeasures
   Web application attacks and countermeasures
   Web 2.0 application attacks and countermeasures
2. Network Security
   Network attacks and countermeasures
   Intrusion detection systems
   Phases in launching an attack and countermeasures
3. Selected topics in computer security
   Security policy, Information Governance, Information Privacy, Security Evaluation, Legal issues, Computer Crime and Computer Forensics, New Access Control Paradigms, Mobile Security, Database security

Recommended Reading

Text(s)
Essential Text
Whittaker and Thompson. How to Break Software Security. Addison Wesley (2004)
Andrews and Whittaker. How to Break Web Software. Addison Wesley (2006)
Skoudis and Liston. Counter Hack Reloaded (2e). Prentice Hall (2006)

Supplementary Reading
Shah S. Web 2.0 Security: Defending Ajax, RIA, and SOA. Thomson (2008)
Spitzner L. Honeypots: Tracking Hackers. Addison-Wesley (2003)
Bace R. G. Intrusion Detection. Macmillan Technical (2000)

Online Resources